Multi-factor authentication is a method of authenticating a user's claimed identity in which a user is granted access to a protected resource (e.g., an automated teller machine (ATM), web access to information regarding a bank account, etc.) only after successfully presenting two or more pieces of evidence, or factors, to an authentication service. Factors the user may present for authentication may include knowledge-based factors (e.g., a username, password, etc., based on information the user knows), possession-based factors (e.g., a device, a token, etc., based on something in the user's possession), or inherency-based factors (e.g., a fingerprint, voice, biometric information, etc., based on something the user is).